Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1722 | 1 Cisco | 2 Expressway Series, Telepresence Video Communication Server | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later. | |||||
| CVE-2019-1632 | 1 Cisco | 2 Integrated Management Controller, Unified Computing System | 2019-10-09 | 6.0 MEDIUM | 8.0 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on the affected device. | |||||
| CVE-2019-13071 | 1 Cyberpowersystems | 1 Powerpanel | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page. | |||||
| CVE-2019-13920 | 1 Siemens | 1 Sinema Remote Connect Server | 2019-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-11207 | 1 Tibco | 42 Loglogic Enterprise Virtual Appliance, Loglogic Log Management Intelligence, Loglogic Lx1025 and 39 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. | |||||
| CVE-2019-11457 | 1 Micropyramid | 1 Django Crm | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/. | |||||
| CVE-2019-12624 | 1 Cisco | 19 5760 Wireless Lan Controller, Catalyst 3650-12x48uq, Catalyst 3650-12x48ur and 16 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | |||||
| CVE-2018-8925 | 1 Synology | 1 Photo Station | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | |||||
| CVE-2018-7524 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. | |||||
| CVE-2018-8844 | 1 Philips | 1 E-alert Firmware | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | |||||
| CVE-2018-6651 | 2 Parsecgaming, Uncurl Project | 2 Parsec, Uncurl | 2019-10-09 | 9.3 HIGH | 8.8 HIGH |
| In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer. | |||||
| CVE-2018-2000 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. | |||||
| CVE-2018-1927 | 1 Ibm | 1 Storediq | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | |||||
| CVE-2018-1926 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. | |||||
| CVE-2018-2001 | 1 Ibm | 1 Curam Social Program Management | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. | |||||
| CVE-2018-1790 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944. | |||||
| CVE-2018-1455 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. | |||||
| CVE-2018-1514 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. | |||||
| CVE-2018-1712 | 1 Ibm | 1 Api Connect | 2019-10-09 | 7.5 HIGH | 9.9 CRITICAL |
| IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. | |||||
| CVE-2018-1442 | 1 Ibm | 1 Monitoring | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. | |||||